Merge branch '361934-aw-add-variable-type' into 'master'

Add VariableType and variables fields

See merge request !89652

app/graphql/types/ci/variable_type.rb

+# frozen_string_literal: true
+
+module Types
+  module Ci
+    # rubocop: disable Graphql/AuthorizeTypes
+    class VariableType < BaseObject
+      graphql_name 'CiVariable'
+
+      field :id, GraphQL::Types::ID, null: false,
+        description: 'ID of the variable.'
+
+      field :key, GraphQL::Types::String, null: true,
+        description: 'Name of the variable.'
+
+      field :value, GraphQL::Types::String, null: true,
+        description: 'Value of the variable.'
+
+      field :variable_type, ::Types::Ci::VariableTypeEnum, null: true,
+        description: 'Type of the variable.'
+
+      field :protected, GraphQL::Types::Boolean, null: true,
+        description: 'Indicates whether the variable is protected.'
+
+      field :masked, GraphQL::Types::Boolean, null: true,
+        description: 'Indicates whether the variable is masked.'
+
+      field :raw, GraphQL::Types::Boolean, null: true,
+        description: 'Indicates whether the variable is raw.'
+    end
+  end
+end

app/graphql/types/ci/variable_type_enum.rb

+# frozen_string_literal: true
+
+module Types
+  module Ci
+    class VariableTypeEnum < BaseEnum
+      graphql_name 'CiVariableType'
+
+      ::Ci::Variable.variable_types.keys.each do |variable_type|
+        value variable_type.upcase, value: variable_type, description: "#{variable_type.humanize} type."
+      end
+    end
+  end
+end

app/graphql/types/group_type.rb

@@ -194,6 +194,13 @@ class GroupType < NamespaceType
           complexity: 5,
           resolver: Resolvers::GroupsResolver
 
+    field :ci_variables,
+          Types::Ci::VariableType.connection_type,
+          null: true,
+          description: "List of the group's CI/CD variables.",
+          authorize: :admin_group,
+          method: :variables
+
     field :runners, Types::Ci::RunnerType.connection_type,
           null: true,
           resolver: Resolvers::Ci::GroupRunnersResolver,

app/graphql/types/project_type.rb

@@ -220,6 +220,13 @@ class ProjectType < BaseObject
           description: 'Build pipeline counts of the project.',
           resolver: Resolvers::Ci::ProjectPipelineCountsResolver
 
+    field :ci_variables,
+          Types::Ci::VariableType.connection_type,
+          null: true,
+          description: "List of the project's CI/CD variables.",
+          authorize: :admin_build,
+          method: :variables
+
     field :ci_cd_settings,
           Types::Ci::CiCdSettingType,
           null: true,

app/graphql/types/query_type.rb

@@ -123,6 +123,11 @@ class QueryType < ::Types::BaseObject
           resolver: Resolvers::Ci::RunnersResolver,
           description: "Find runners visible to the current user."
 
+    field :ci_variables,
+          Types::Ci::VariableType.connection_type,
+          null: true,
+          description: "List of the instance's CI/CD variables."
+
     field :ci_config, resolver: Resolvers::Ci::ConfigResolver, complexity: 126 # AUTHENTICATED_MAX_COMPLEXITY / 2 + 1
 
     field :timelogs, Types::TimelogType.connection_type,
@@ -178,6 +183,12 @@ def ci_application_settings
       application_settings
     end
 
+    def ci_variables
+      return unless current_user.can_admin_all_resources?
+
+      ::Ci::InstanceVariable.all
+    end
+
     def application_settings
       Gitlab::CurrentSettings.current_application_settings
     end

doc/api/graphql/reference/index.md

@@ -87,6 +87,16 @@ four standard [pagination arguments](#connection-pagination-arguments):
 | ---- | ---- | ----------- |
 | <a id="queryciminutesusagenamespaceid"></a>`namespaceId` | [`NamespaceID`](#namespaceid) | Global ID of the Namespace for the monthly CI/CD minutes usage. |
+### `Query.ciVariables`
+
+List of the instance's CI/CD variables.
+
+Returns [`CiVariableConnection`](#civariableconnection).
+
+This field returns a [connection](#connections). It accepts the
+four standard [pagination arguments](#connection-pagination-arguments):
+`before: String`, `after: String`, `first: Int`, `last: Int`.
+
 ### `Query.containerRepository`
 Find a container repository.
@@ -6248,6 +6258,29 @@ The edge type for [`CiStage`](#cistage).
 | <a id="cistageedgecursor"></a>`cursor` | [`String!`](#string) | A cursor for use in pagination. |
 | <a id="cistageedgenode"></a>`node` | [`CiStage`](#cistage) | The item at the end of the edge. |
+#### `CiVariableConnection`
+
+The connection type for [`CiVariable`](#civariable).
+
+##### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="civariableconnectionedges"></a>`edges` | [`[CiVariableEdge]`](#civariableedge) | A list of edges. |
+| <a id="civariableconnectionnodes"></a>`nodes` | [`[CiVariable]`](#civariable) | A list of nodes. |
+| <a id="civariableconnectionpageinfo"></a>`pageInfo` | [`PageInfo!`](#pageinfo) | Information to aid in pagination. |
+
+#### `CiVariableEdge`
+
+The edge type for [`CiVariable`](#civariable).
+
+##### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="civariableedgecursor"></a>`cursor` | [`String!`](#string) | A cursor for use in pagination. |
+| <a id="civariableedgenode"></a>`node` | [`CiVariable`](#civariable) | The item at the end of the edge. |
+
 #### `ClusterAgentActivityEventConnection`
 The connection type for [`ClusterAgentActivityEvent`](#clusteragentactivityevent).
@@ -9992,6 +10025,20 @@ GitLab CI/CD configuration template.
 | <a id="citemplatecontent"></a>`content` | [`String!`](#string) | Contents of the CI template. |
 | <a id="citemplatename"></a>`name` | [`String!`](#string) | Name of the CI template. |
+### `CiVariable`
+
+#### Fields
+
+| Name | Type | Description |
+| ---- | ---- | ----------- |
+| <a id="civariableid"></a>`id` | [`ID!`](#id) | ID of the variable. |
+| <a id="civariablekey"></a>`key` | [`String`](#string) | Name of the variable. |
+| <a id="civariablemasked"></a>`masked` | [`Boolean`](#boolean) | Indicates whether the variable is masked. |
+| <a id="civariableprotected"></a>`protected` | [`Boolean`](#boolean) | Indicates whether the variable is protected. |
+| <a id="civariableraw"></a>`raw` | [`Boolean`](#boolean) | Indicates whether the variable is raw. |
+| <a id="civariablevalue"></a>`value` | [`String`](#string) | Value of the variable. |
+| <a id="civariablevariabletype"></a>`variableType` | [`CiVariableType`](#civariabletype) | Type of the variable. |
+
 ### `ClusterAgent`
 #### Fields
@@ -11747,6 +11794,7 @@ four standard [pagination arguments](#connection-pagination-arguments):
 | <a id="groupallowstalerunnerpruning"></a>`allowStaleRunnerPruning` | [`Boolean!`](#boolean) | Indicates whether to regularly prune stale group runners. Defaults to false. |
 | <a id="groupautodevopsenabled"></a>`autoDevopsEnabled` | [`Boolean`](#boolean) | Indicates whether Auto DevOps is enabled for all projects within this group. |
 | <a id="groupavatarurl"></a>`avatarUrl` | [`String`](#string) | Avatar URL of the group. |
+| <a id="groupcivariables"></a>`ciVariables` | [`CiVariableConnection`](#civariableconnection) | List of the group's CI/CD variables. (see [Connections](#connections)) |
 | <a id="groupclusteragents"></a>`clusterAgents` | [`ClusterAgentConnection`](#clusteragentconnection) | Cluster agents associated with projects in the group and its subgroups. (see [Connections](#connections)) |
 | <a id="groupcontainerrepositoriescount"></a>`containerRepositoriesCount` | [`Int!`](#int) | Number of container repositories in the group. |
 | <a id="groupcontainslockedprojects"></a>`containsLockedProjects` | [`Boolean!`](#boolean) | Includes at least one project where the repository size exceeds the limit. |
@@ -15004,6 +15052,7 @@ Represents vulnerability finding of a security report on the pipeline.
 | <a id="projectcicdsettings"></a>`ciCdSettings` | [`ProjectCiCdSetting`](#projectcicdsetting) | CI/CD settings for the project. |
 | <a id="projectciconfigpathordefault"></a>`ciConfigPathOrDefault` | [`String!`](#string) | Path of the CI configuration file. |
 | <a id="projectcijobtokenscope"></a>`ciJobTokenScope` | [`CiJobTokenScopeType`](#cijobtokenscopetype) | The CI Job Tokens scope of access. |
+| <a id="projectcivariables"></a>`ciVariables` | [`CiVariableConnection`](#civariableconnection) | List of the project's CI/CD variables. (see [Connections](#connections)) |
 | <a id="projectclusteragents"></a>`clusterAgents` | [`ClusterAgentConnection`](#clusteragentconnection) | Cluster agents associated with the project. (see [Connections](#connections)) |
 | <a id="projectcodecoveragesummary"></a>`codeCoverageSummary` | [`CodeCoverageSummary`](#codecoveragesummary) | Code coverage summary associated with the project. |
 | <a id="projectcomplianceframeworks"></a>`complianceFrameworks` | [`ComplianceFrameworkConnection`](#complianceframeworkconnection) | Compliance frameworks associated with the project. (see [Connections](#connections)) |
@@ -18661,6 +18710,13 @@ Values for sorting runners.
 | <a id="cirunnerupgradestatustyperecommended"></a>`RECOMMENDED` | Upgrade is available and recommended for the runner. |
 | <a id="cirunnerupgradestatustypeunknown"></a>`UNKNOWN` | Upgrade status is unknown. |
+### `CiVariableType`
+
+| Value | Description |
+| ----- | ----------- |
+| <a id="civariabletypeenv_var"></a>`ENV_VAR` | Env var type. |
+| <a id="civariabletypefile"></a>`FILE` | File type. |
+
 ### `CodeQualityDegradationSeverity`
 | Value | Description |

spec/graphql/types/ci/variable_type_enum_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe GitlabSchema.types['CiVariableType'] do
+  it 'matches the keys of Ci::Variable.variable_types' do
+    expect(described_class.values.keys).to contain_exactly('ENV_VAR', 'FILE')
+  end
+end

spec/graphql/types/ci/variables_type_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe GitlabSchema.types['CiVariable'] do
+  it 'contains attributes related to CI variables' do
+    expect(described_class).to have_graphql_fields(
+      :id, :key, :value, :variable_type, :protected, :masked, :raw
+    )
+  end
+end

spec/graphql/types/group_type_spec.rb

@@ -23,7 +23,7 @@
       dependency_proxy_blob_count dependency_proxy_total_size
       dependency_proxy_image_prefix dependency_proxy_image_ttl_policy
       shared_runners_setting timelogs organizations contacts work_item_types
-      recent_issue_boards
+      recent_issue_boards ci_variables
     ]
 
     expect(described_class).to include_graphql_fields(*expected_fields)

spec/graphql/types/project_type_spec.rb

@@ -36,7 +36,8 @@
       pipeline_analytics squash_read_only sast_ci_configuration
       cluster_agent cluster_agents agent_configurations
       ci_template timelogs merge_commit_template squash_commit_template work_item_types
-      recent_issue_boards ci_config_path_or_default packages_cleanup_policy
+      recent_issue_boards ci_config_path_or_default packages_cleanup_policy ci_variables
+      recent_issue_boards ci_config_path_or_default ci_variables
     ]
 
     expect(described_class).to include_graphql_fields(*expected_fields)

spec/graphql/types/query_type_spec.rb

@@ -30,6 +30,7 @@
       board_list
       topics
       gitpod_enabled
+      ci_variables
     ]
 
     expect(described_class).to have_graphql_fields(*expected_fields).at_least

spec/requests/api/graphql/ci/group_variables_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Query.group(fullPath).ciVariables' do
+  include GraphqlHelpers
+
+  let_it_be(:group) { create(:group) }
+  let_it_be(:user) { create(:user) }
+
+  let(:query) do
+    %(
+      query {
+        group(fullPath: "#{group.full_path}") {
+          ciVariables {
+            nodes {
+              id
+              key
+              value
+              variableType
+              protected
+              masked
+              raw
+            }
+          }
+        }
+      }
+    )
+  end
+
+  context 'when the user can administer the group' do
+    before do
+      group.add_owner(user)
+    end
+
+    it "returns the group's CI variables" do
+      variable = create(:ci_group_variable, group: group, key: 'TEST_VAR', value: 'test',
+                        masked: false, protected: true, raw: true)
+
+      post_graphql(query, current_user: user)
+
+      expect(graphql_data.dig('group', 'ciVariables', 'nodes')).to contain_exactly({
+        'id' => variable.to_global_id.to_s,
+        'key' => 'TEST_VAR',
+        'value' => 'test',
+        'variableType' => 'ENV_VAR',
+        'masked' => false,
+        'protected' => true,
+        'raw' => true
+      })
+    end
+  end
+
+  context 'when the user cannot administer the group' do
+    it 'returns nothing' do
+      create(:ci_group_variable, group: group, value: 'verysecret', masked: true)
+
+      group.add_developer(user)
+
+      post_graphql(query, current_user: user)
+
+      expect(graphql_data.dig('group', 'ciVariables')).to be_nil
+    end
+  end
+end

spec/requests/api/graphql/ci/instance_variables_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Query.ciVariables' do
+  include GraphqlHelpers
+
+  let(:query) do
+    %(
+      query {
+        ciVariables {
+          nodes {
+            id
+            key
+            value
+            variableType
+            protected
+            masked
+            raw
+          }
+        }
+      }
+    )
+  end
+
+  context 'when the user is an admin' do
+    let_it_be(:user) { create(:admin) }
+
+    it "returns the instance's CI variables" do
+      variable = create(:ci_instance_variable, key: 'TEST_VAR', value: 'test',
+                        masked: false, protected: true, raw: true)
+
+      post_graphql(query, current_user: user)
+
+      expect(graphql_data.dig('ciVariables', 'nodes')).to contain_exactly({
+        'id' => variable.to_global_id.to_s,
+        'key' => 'TEST_VAR',
+        'value' => 'test',
+        'variableType' => 'ENV_VAR',
+        'masked' => false,
+        'protected' => true,
+        'raw' => true
+      })
+    end
+  end
+
+  context 'when the user is not an admin' do
+    let_it_be(:user) { create(:user) }
+
+    it 'returns nothing' do
+      create(:ci_instance_variable, value: 'verysecret', masked: true)
+
+      post_graphql(query, current_user: user)
+
+      expect(graphql_data.dig('ciVariables')).to be_nil
+    end
+  end
+end

spec/requests/api/graphql/ci/project_variables_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Query.project(fullPath).ciVariables' do
+  include GraphqlHelpers
+
+  let_it_be(:project) { create(:project) }
+  let_it_be(:user) { create(:user) }
+
+  let(:query) do
+    %(
+      query {
+        project(fullPath: "#{project.full_path}") {
+          ciVariables {
+            nodes {
+              id
+              key
+              value
+              variableType
+              protected
+              masked
+              raw
+            }
+          }
+        }
+      }
+    )
+  end
+
+  context 'when the user can administer builds' do
+    before do
+      project.add_maintainer(user)
+    end
+
+    it "returns the project's CI variables" do
+      variable = create(:ci_variable, project: project, key: 'TEST_VAR', value: 'test',
+                        masked: false, protected: true, raw: true)
+
+      post_graphql(query, current_user: user)
+
+      expect(graphql_data.dig('project', 'ciVariables', 'nodes')).to contain_exactly({
+        'id' => variable.to_global_id.to_s,
+        'key' => 'TEST_VAR',
+        'value' => 'test',
+        'variableType' => 'ENV_VAR',
+        'masked' => false,
+        'protected' => true,
+        'raw' => true
+      })
+    end
+  end
+
+  context 'when the user cannot administer builds' do
+    it 'returns nothing' do
+      create(:ci_variable, project: project, value: 'verysecret', masked: true)
+
+      project.add_developer(user)
+
+      post_graphql(query, current_user: user)
+
+      expect(graphql_data.dig('project', 'ciVariables')).to be_nil
+    end
+  end
+end